#!

###########################
# VPN SSL Settings
###########################
# Global SSL-VPN settings: the DNS server handed to clients, the idle timeout
# and the listening port.
# NOTE(review): no server-certificate or TLS protocol/cipher settings appear in
# this block, so the device defaults apply - confirm they meet policy.
config vpn ssl settings
set dns-server1 198.18.0.91
#set dns-server2  198.18.0.1
# NOTE(review): presumably seconds (30 minutes) - confirm, and shorten if
# policy requires a tighter window for unattended sessions.
set idle-timeout 1800
# NOTE(review): a non-standard port only moves the portal; it stays reachable
# by anyone who can reach the interface. Restrict source addresses in the
# SSL-VPN firewall policy (not shown here) and keep the firmware patched.
set port  10443
set auto-tunnel-policy disable
set auto-tunnel-static-route disable
end

# To delete all widget IDs, use on the CLI:
# 
# (widget) # purge
# This operation will clear all table!
# Do you want to continue? (y/n)y
# 
# To delete a specific ID, use:
# del [specific ID, for example "1"]
#
###########################
# VPN SSL Settings Web Portal
###########################
# SSL-VPN web portal "mydomain1-web-acces.local": the web-mode applications
# users may reach, the page layout, the client posture checks and five widgets
# (session information, connection tool, bookmarks, tunnel mode, login history).
config vpn ssl web portal
edit mydomain1-web-acces.local
# NOTE(review): telnet and ftp are in the allowed set; both send credentials in
# clear text on the leg between the FortiGate and the target host. Trim this
# list (and the matching allow-apps lists in widgets 2 and 3) to the
# applications users actually need.
set allow-access web ftp smb telnet ssh vnc rdp ping citrix rdpnative portforward
set heading "Welcome to mydomain1"
set page-layout double-column 
set allow-user-bookmark enable
# NOTE(review): every endpoint posture check in this portal is off (mac-addr-check,
# host-check, os-check, cache-cleaner), so any device holding valid credentials
# can connect - confirm this is intended.
set mac-addr-check disable
set auto-prompt-mobile-user-download disable 
# NOTE(review): presumably restricts each user to one concurrent session - confirm.
set limit-user-logins enable 
set host-check none 
set virtual-desktop disable 
set os-check disable 
set cache-cleaner disable 
config widget
# Widget 1: session information, left column.
# delete 1
edit 1
set name "Session Information"
set type info
set column one
set collapse disable
next
# Widget 2: ad-hoc connection tool, right column. It lets the user connect to
# hosts of their choosing with the applications listed in allow-apps.
# NOTE(review): which hosts are reachable is then governed by the firewall
# policy (not shown here), not by bookmarks; see the removal snippet after
# this block if the tool is not needed.
# delete 2 
edit 2
set name "Connection Tool"
set type tool 
set column two
set collapse disable
set allow-apps web ftp smb telnet ssh vnc rdp ping citrix rdpnative portforward
next
# Widget 3: bookmarks, left column. The predefined bookmarks below are
# commented out, so the widget starts empty.
# delete 3
edit 3
set name "Bookmarks" 
set type bookmark 
set column one 
set collapse disable 
set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnative portforward
# config bookmarks
# edit TerminalServerRDPNative
# set apptyp rdpnative
# set description "TerminalServerRDPNative"
# set host 4.4.4.4
# set full-screen-mode disable
# set screen-height 900
# set screen-width 1600
# next
# edit TerminalServerRDP
# set apptyp rdp
# set description "TerminalServerRDP"
# set host 4.4.4.4
# set full-screen-mode disable
# set screen-height 900
# set screen-width 1600
# set keyboard-layout de-ch
# end
next
# Widget 4: tunnel mode, right column. Clients get an address from the pool
# object below and the DNS server 198.18.0.91.
# delete 4
edit 4
set name "Tunnel Mode"
set type tunnel 
set column two 
set collapse disable 
# Split tunnelling: only traffic for split-tunneling-routing-address goes
# through the tunnel.
# NOTE(review): all other client traffic bypasses the FortiGate and its
# inspection - confirm this matches policy.
set split-tunneling enable 
set dns-server1 198.18.0.91
# set dns-server2 5.5.5.5
# set wins-server1 0.0.0.0
# set wins-server2 0.0.0.0
# set ipv6-split-tunneling enable 
# set ipv6-dns-server1 ::
# set ipv6-dns-server2 ::
# set ipv6-wins-server1 ::
# set ipv6-wins-server2 ::
set ip-mode range 
set ip-pools net-mydomain1-ip-pool-ssl-vpn-198.18.1.0-25
set split-tunneling-routing-address net-mydomain1-lan-198.18.0.0-24
# set ipv6-split-tunneling-routing-address ::
# NOTE(review): lets the client store the user's password, so a lost or
# compromised endpoint holds a reusable VPN credential. The IPsec phase1
# definitions in this file set save-password disable; consider the same here,
# especially without two-factor authentication.
set save-password enable 
set keep-alive enable 
set auto-connect disable 
next
# Widget 5: login history, left column, limited to the last 5 entries.
# delete 5
edit 5
set name "Login History"
set type history
set column one
set collapse disable
set display-limit 5
next
# Widget 6 (FortiClient download) is left commented out.
# delete 6
# edit 6
# set name "FortiClient Download"
# set type forticlient-download 
# set column two 
# set collapse disable 
# next
end
end
#
# Delete the Connection Tool widget if it is not necessary
#
# config vpn ssl web portal
# edit mydomain1-web-acces.local
# config widget
# delete 2
# end
# end

###########################
# IPSec Phase 1 FortiClient Settings (Interface Based)
###########################
# Dial-up (type dynamic) IKE phase 1 for FortiClient on wan1. Users are
# authenticated with XAuth against gr-ipsec-fc-vpn-mydomain1.local and receive
# an address from 198.18.1.129-198.18.1.254 through mode-config.
config vpn ipsec phase1-interface
edit ipsec-fc
set comments "IPSec Phase1 FortiClient 5.0.x mydomain1-sg0e0"
set type dynamic 
set interface  wan1 
set ip-version  4 
set local-gw 0.0.0.0
set nattraversal enable 
# NOTE(review): DH group 5 (1536-bit MODP) is below current recommendations;
# prefer group 14 or higher where the client supports it.
set dhgrp 5 
set keylife 28800
# NOTE(review): aggressive mode with a pre-shared key exposes a PSK-derived
# hash to anyone who can start a handshake, which allows offline guessing of
# the key. Prefer main mode, IKEv2 or certificate authentication if the
# clients allow it; otherwise the PSK must be long and random.
set authmethod psk 
set mode aggressive 
# Any peer ID is accepted; the PSK and XAuth are the only gates.
set peertype any 
set xauthtype auto 
set mode-cfg  enable 
# NOTE(review): 3DES and SHA-1 are legacy algorithms; drop 3des-sha1 once no
# client depends on it.
set proposal 3des-sha1 aes128-sha1 
set localid  ipsec-fc 
set localid-type auto 
set negotiate-timeout 30
set fragmentation enable 
set dpd enable 
set forticlient-enforcement disable 
set npu-offload enable 
# XAuth credentials expire when the tunnel disconnects.
set xauthexpire  on-disconnect 
set authusrgrp gr-ipsec-fc-vpn-mydomain1.local 
set default-gw 0.0.0.0
set default-gw-priority 0
set assign-ip enable 
set mode-cfg-ip-version 4 
set assign-ip-from range 
set add-route enable 
set ipv4-start-ip 198.18.1.129
set ipv4-end-ip 198.18.1.254
set ipv4-netmask  255.255.255.128
set dns-mode manual 
set ipv4-dns-server1 198.18.0.91
set ipv4-dns-server2 0.0.0.0
set ipv4-dns-server3 0.0.0.0
set ipv4-wins-server1 0.0.0.0
set ipv4-wins-server2 0.0.0.0
#set ipv4-exclude-range 0.0.0.0
# Split tunnel: only the LAN address object is pushed to the client as a
# tunnelled destination.
set ipv4-split-include net-mydomain1-lan-198.18.0.0-24 
#set split-include-service  
set unity-support enable 
#set domain   
#set banner  
set include-local-lan disable 
# The client is not allowed to store the XAuth password.
set save-password disable 
set client-auto-negotiate disable 
set client-keep-alive enable 
# NOTE(review): the secret is stored in clear text in this script and the same
# value is used by every phase1 definition in this file. Use a unique, randomly
# generated secret per tunnel and keep the real value out of shared copies of
# this file.
set psksecret  "only4mydomain1!"
set keepalive 10
set distance 1
set priority 0
set dpd-retrycount 3
set dpd-retryinterval 5
next
end
###########################
# IPSec Phase 2 FortiClient Settings (Interface Based)
###########################
# Phase 2 (IPsec SA) for the FortiClient tunnel, bound to phase1 ipsec-fc.
# Tunnel-mode encapsulation, replay detection on, PFS on.
config vpn ipsec phase2-interface
edit ipsec-fc
set comments "IPSec Phase2 FortiClient 5.0.x mydomain1-sg0e0"
set dst-addr-type subnet 
set dst-port 0
set encapsulation tunnel-mode 
set keepalive enable 
set keylife-type seconds 
# PFS runs a fresh DH exchange (group set by dhgrp below) for each phase 2 SA.
set pfs enable 
set phase1name ipsec-fc 
# NOTE(review): 3DES and SHA-1 are legacy algorithms; drop 3des-sha1 once no
# client depends on it.
set proposal 3des-sha1 aes128-sha1 
set protocol 0
set replay enable 
set route-overlap use-new 
set single-source disable 
set src-addr-type subnet 
set src-port 0
# NOTE(review): DH group 5 (1536-bit MODP) is below current recommendations;
# prefer group 14 or higher where the client supports it.
set dhgrp 5 
# Selectors are 0.0.0.0/0 on both sides, so the SA itself does not narrow
# traffic. NOTE(review): access must be restricted by firewall policy (not
# shown here).
set dst-subnet 0.0.0.0 0.0.0.0
set keylifeseconds 1800
set src-subnet 0.0.0.0 0.0.0.0
next
end
###########################
# IPSec Phase 1 IOS Settings (Interface Based)
###########################
# Dial-up (type dynamic) IKE phase 1 for iOS clients on wan1. Users are
# authenticated with XAuth against gr-ipsec-ios-vpn-mydomain1.local and receive
# an address from 198.18.4.1-198.18.4.126 through mode-config.
config vpn ipsec phase1-interface
edit ipsec-ios
set comments "IPSec Phase1 IOS mydomain1-sg0e0"
set type dynamic 
set interface wan1 
set ip-version 4 
set local-gw 0.0.0.0
set nattraversal enable 
# NOTE(review): DH group 2 (1024-bit MODP) is considered too weak today;
# use group 14 or higher if the client supports it.
set dhgrp 2 
set keylife 28800
# NOTE(review): aggressive mode with a pre-shared key exposes a PSK-derived
# hash to anyone who can start a handshake, which allows offline guessing of
# the key. Prefer main mode, IKEv2 or certificate authentication if the
# clients allow it; otherwise the PSK must be long and random.
set authmethod psk 
set mode aggressive 
# Any peer ID is accepted; the PSK and XAuth are the only gates.
set peertype any 
set xauthtype auto 
set mode-cfg enable 
# NOTE(review): MD5 and SHA-1 are legacy integrity algorithms; drop aes256-md5
# first, and move to a SHA-2 proposal once the clients support it.
set proposal aes256-md5 aes256-sha1 
set localid ipsec-ios 
set localid-type auto 
set negotiate-timeout 30
set fragmentation enable 
set dpd enable 
set forticlient-enforcement disable 
set npu-offload enable 
# XAuth credentials expire when the tunnel disconnects.
set xauthexpire on-disconnect 
set authusrgrp gr-ipsec-ios-vpn-mydomain1.local 
set default-gw 0.0.0.0
set default-gw-priority 0
set assign-ip enable 
set mode-cfg-ip-version 4 
set assign-ip-from range 
set add-route enable 
set ipv4-start-ip 198.18.4.1
set ipv4-end-ip 198.18.4.126
set ipv4-netmask 255.255.255.128
set dns-mode manual 
set ipv4-dns-server1 198.18.0.91
set ipv4-dns-server2 0.0.0.0
set ipv4-dns-server3 0.0.0.0
set ipv4-wins-server1 0.0.0.0
set ipv4-wins-server2 0.0.0.0
#set ipv4-exclude-range
# Split tunnel: only the LAN address object is pushed to the client as a
# tunnelled destination.
set ipv4-split-include net-mydomain1-lan-198.18.0.0-24 
#set split-include-service 
set unity-support enable 
#set domain
#set banner 
set include-local-lan disable 
# The client is not allowed to store the XAuth password.
set save-password disable 
set client-auto-negotiate disable 
set client-keep-alive disable 
# NOTE(review): the secret is stored in clear text in this script and the same
# value is used by every phase1 definition in this file. Use a unique, randomly
# generated secret per tunnel and keep the real value out of shared copies of
# this file.
set psksecret "only4mydomain1!"
set keepalive  10
set distance 1
set priority 0
set dpd-retrycount 3
set dpd-retryinterval 5
next
end
###########################
# IPSec Phase 2 IOS Settings (Interface Based)
###########################
# Phase 2 (IPsec SA) for the iOS tunnel, bound to phase1 ipsec-ios.
# Tunnel-mode encapsulation, replay detection on, PFS off.
config vpn ipsec phase2-interface
edit ipsec-ios
set comments "IPSec Phase2 IOS mydomain1-sg0e0"
set dst-addr-type subnet 
set dst-port 0
set encapsulation tunnel-mode 
set keepalive enable 
set keylife-type seconds 
# NOTE(review): with PFS off, phase 2 keys are derived from the phase 1
# exchange, so compromise of that keying material exposes every child SA.
# Enable PFS if the client supports it.
set pfs disable 
set phase1name ipsec-ios 
# NOTE(review): MD5 and SHA-1 are legacy integrity algorithms; drop aes256-md5
# first, and move to a SHA-2 proposal once the clients support it.
set proposal aes256-md5 aes256-sha1 
set protocol  0
set replay enable 
set route-overlap use-new 
set single-source disable 
set src-addr-type subnet 
set src-port 0
# Selectors are 0.0.0.0/0 on both sides, so the SA itself does not narrow
# traffic. NOTE(review): access must be restricted by firewall policy (not
# shown here).
set dst-subnet 0.0.0.0 0.0.0.0
set keylifeseconds 1800
set src-subnet 0.0.0.0 0.0.0.0
next
end
###########################
# IPSec Phase 1 Cisco Native Settings (Interface Based)
###########################
# Dial-up (type dynamic) IKE phase 1 for the native Cisco client on wan1, in
# main mode. Users are authenticated with XAuth against
# gr-ipsec-cisco-vpn-mydomain1.local and receive an address from
# 198.18.5.1-198.18.5.126 through mode-config.
config vpn ipsec phase1-interface
edit ipsec-cisco
set comments "IPSec Phase1 Cisco Native mydomain1-sg0e0"
set type dynamic 
set interface wan1 
set ip-version  4 
set local-gw 0.0.0.0
set nattraversal enable 
# NOTE(review): DH group 2 (1024-bit MODP) is considered too weak today;
# use group 14 or higher if the client supports it.
set dhgrp 2 
set keylife  28800
set authmethod psk 
set mode main 
# Any peer ID is accepted; the PSK and XAuth are the only gates.
set peertype any 
set xauthtype auto 
set mode-cfg enable 
# NOTE(review): MD5 and SHA-1 are legacy integrity algorithms; drop aes256-md5
# first, and move to a SHA-2 proposal once the clients support it.
set proposal aes256-sha1 aes256-md5 
set localid ipsec-cisco 
set localid-type auto 
set negotiate-timeout 30
set fragmentation enable 
set dpd enable 
set forticlient-enforcement disable 
set npu-offload enable 
# XAuth credentials expire when the tunnel disconnects.
set xauthexpire on-disconnect 
set authusrgrp gr-ipsec-cisco-vpn-mydomain1.local 
set default-gw 0.0.0.0
set default-gw-priority 0
set assign-ip enable 
set mode-cfg-ip-version 4 
set assign-ip-from range 
set add-route enable 
set ipv4-start-ip 198.18.5.1
set ipv4-end-ip 198.18.5.126
set ipv4-netmask 255.255.255.128
set dns-mode manual 
set ipv4-dns-server1 198.18.0.91
set ipv4-dns-server2 0.0.0.0
set ipv4-dns-server3 0.0.0.0
set ipv4-wins-server1 0.0.0.0
set ipv4-wins-server2 0.0.0.0
#set ipv4-exclude-range
# NOTE(review): no split-include is set here, unlike ipsec-fc and ipsec-ios;
# presumably all client traffic is tunnelled - confirm this is intended.
#set ipv4-split-include
#set split-include-service 
set unity-support enable 
#set domain
#set banner 
set include-local-lan  disable 
# The client is not allowed to store the XAuth password.
set save-password disable 
set client-auto-negotiate disable 
set client-keep-alive  disable 
# NOTE(review): the secret is stored in clear text in this script and the same
# value is used by every phase1 definition in this file. Use a unique, randomly
# generated secret per tunnel and keep the real value out of shared copies of
# this file.
set psksecret "only4mydomain1!"
set keepalive 10
set distance 1
set priority 0
set dpd-retrycount 3
set dpd-retryinterval 5
next
end
###########################
# IPSec Phase 2 Cisco Native Settings (Interface Based)
###########################
# Phase 2 (IPsec SA) for the native Cisco client tunnel, bound to phase1
# ipsec-cisco. Tunnel-mode encapsulation, replay detection on, PFS off.
config vpn ipsec phase2-interface
edit ipsec-cisco
set comments "IPSec Phase2 Cisco Native mydomain1-sg0e0"
set dst-addr-type subnet 
set dst-port 0
set encapsulation tunnel-mode 
set keepalive enable 
set keylife-type seconds 
# NOTE(review): with PFS off, phase 2 keys are derived from the phase 1
# exchange, so compromise of that keying material exposes every child SA.
# Enable PFS if the client supports it.
set pfs disable 
set phase1name ipsec-cisco 
# NOTE(review): MD5 and SHA-1 are legacy integrity algorithms; drop aes256-md5
# first, and move to a SHA-2 proposal once the clients support it.
set proposal aes256-sha1 aes256-md5 
set protocol 0
set replay  enable 
set route-overlap use-new 
set single-source disable 
set src-addr-type subnet 
set src-port 0
# Selectors are 0.0.0.0/0 on both sides, so the SA itself does not narrow
# traffic. NOTE(review): access must be restricted by firewall policy (not
# shown here).
set dst-subnet 0.0.0.0 0.0.0.0
set keylifeseconds 1800
set src-subnet 0.0.0.0 0.0.0.0
next
end
###########################
# IPSec L2TP Settings (Policy Based)
###########################
# L2TP server: enabled, hands out client addresses from
# 198.18.4.129-198.18.4.254 and authenticates users against the group below.
# NOTE(review): L2TP itself provides no encryption; confirm the firewall policy
# (not shown here) only admits L2TP traffic arriving through the ipsec-l2tp
# tunnel defined in this file.
config vpn l2tp
set sip 198.18.4.129
set eip 198.18.4.254
set status enable
set usrgrp "gr-ipsec-l2tp-vpn-mydomain1.local"
end
###########################
# IPSec Phase 1 L2TP Settings (Policy Based)
###########################
# Policy-based dial-up (type dynamic) IKEv1 phase 1 for L2TP/IPsec clients on
# wan1, in main mode with a pre-shared key.
config vpn ipsec phase1
edit ipsec-l2tp 
set comments "IPSec Phase1 L2TP mydomain1-sg0e0"
set type dynamic 
set interface wan1 
set ike-version  1 
set local-gw 0.0.0.0
set nattraversal enable 
# NOTE(review): groups 1 (768-bit) and 2 (1024-bit) are offered alongside 5
# and 14, so a peer can negotiate the weakest one. Remove 1 and 2 (ideally
# keep only 14) if the clients allow it.
set dhgrp 1 2 5 14 
set keylife 28800
set authmethod psk 
set mode main 
# Any peer ID is accepted.
set peertype  any 
# XAuth is off at the IKE layer.
# NOTE(review): presumably users are authenticated inside L2TP against the
# usrgrp set under "config vpn l2tp" - confirm.
set xauthtype disable 
set autoconfig disable 
# NOTE(review): 3DES and SHA-1 are legacy algorithms; drop 3des-sha1 once no
# client depends on it.
set proposal  3des-sha1 aes128-sha1 
set localid  ipsec-l2tp 
set localid-type auto 
set negotiate-timeout 30
set fragmentation enable 
set dpd enable 
set forticlient-enforcement disable 
set npu-offload enable 
# NOTE(review): the secret is stored in clear text in this script and the same
# value is used by every phase1 definition in this file. Use a unique, randomly
# generated secret per tunnel and keep the real value out of shared copies of
# this file.
set psksecret "only4mydomain1!"
set keepalive 10
set distance 1
set priority 0
set auto-negotiate enable 
set dpd-retrycount 3
set dpd-retryinterval 5
next
end
###########################
# IPSec Phase 2 L2TP Settings (Policy Based)
###########################
# Policy-based phase 2 (IPsec SA) for L2TP/IPsec, bound to phase1 ipsec-l2tp.
# Transport-mode encapsulation with the l2tp flag set, replay detection on,
# PFS off.
config vpn ipsec phase2
edit ipsec-l2tp
set comments "IPSec Phase2 L2TP mydomain1-sg0e0"
set phase1name ipsec-l2tp 
set use-natip enable 
set add-route disable 
# NOTE(review): 3DES and SHA-1 are legacy algorithms; drop 3des-sha1 once no
# client depends on it.
set proposal 3des-sha1 aes128-sha1 
# NOTE(review): with PFS off, phase 2 keys are derived from the phase 1
# exchange, so compromise of that keying material exposes every child SA.
# Enable PFS if the clients support it.
set pfs disable 
set replay enable 
set keepalive enable 
# Key lifetime is bounded by both time (keylifeseconds) and volume (keylifekbs).
set keylife-type both 
set encapsulation transport-mode 
set l2tp enable 
set protocol 0
set src-port 0
set dst-port 0
set dhcp-ipsec disable 
set keylifeseconds 3600
set keylifekbs 250000
next
end